Posted
by
timothy
on Friday August 26, 2011 @07:10AM
from the when-dumb-things-happen dept.

An anonymous reader writes "Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ. This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes."

seizing anything that is suspected of being used for criminal activity has been perfectly legal for hundreds of years. and there is no excuse that you were running some service or other and didn't know what other people were doing. if the cops get a hunch they will seize your stuff to look for evidence and impound it if there is evidence of a crime

Quite a few corporations do this routinely and are never prosecuted for it. Individuals are unlikely to take the risk due to the personal cost of a mistake, against which they can't insure. Carrying parcels for people on aeroplanes is not the same as sharing your spare computer capacity with anyone who needs some at the time. You are not carrying anything for anyone.

Hardware is so inexpensive now a days; a participatory, community-building point of view suggests you should be running two sets of hardware. One set for your open WiFi and Tor exit node, and the other for your personal use.

Except they won't bother to check, they'll just take everything you own. Although I suppose you could go the "True Names" route and bury your personal equipment.

It isn't heavy handed law enforcement and they won't be able to tell the difference at the time of seizure. They confiscate the equipment not because they even necessarily expect you of a crime, but rather because evidence of a crime may exist on it. If they don't find anything, they can return it. Running separate hardware is a good way to make sure you can get your personal stuff back faster if anything useful to the investigation is actually found on the public hardware.

Right, that's why ISPs constantly have their routers and DNS servers seized, because so many people are using those computers for criminal activity.

Oh, wait -- ISPs are corporations, so we treat them differently. When it is some guy running a service out of his home, then the other set of rules applies, where the service operator is harassed by ICE and threatened when his equipment is returned.

Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too [google.com]. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search w

A provably false assumption even when Tor is not involved. I share an Internet connection with several other people, and my name is not the name of the account holder. When I was in high school, my (nerdier) friends and I used to grant ssh access to each other -- someone who was not even a resident of my home could have been using my Internet connection. I once discovered that a network administrator had not changed the default password on a router; I could have used that router to relay any traffic I

I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.

These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.

The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.

So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.

Then you arrest him and seize his equipment. If you detect evidence that he tried to destroy illegal files, then he is guilty of destruction of evidence. If you cannot find anything, I guess he gets to go free -- what a tragedy, that someone who might have downloaded some child pornography will not be arrested.

You've created a scenario where the standard of evidence is so high

Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person? Do you actually think that such a standard is too high? The only evidence

Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?

Yes, we have, and anybody with any knowledge of the criminal justice system will know that we've always been at this point. There is absolutely no 100% certain form of identifying evidence. Even in perfect circumstances, DNA matching can only tell how many million people could have supplied a DNA sample that "matched". Fingerprints give a few hundred matches, and can be altered. Confessions can be faked or coerced. Eyewitnesses can be biased or mistaken. The best we have ever been able to do is to use the u

There's a balance between the impact of the seizure and the evidentiary value of the equipment. If you seize a TOR node, you're causing a large inconvenience to one, possibly-involved person, seizing a whole lot of unrelated information related to that person, and in return getting one unit of evidence. If you seize just about any single machine from an ISP, in order to get the same unit of evidence, you're causing a large inconvenience to many, almost certainly uninvolved people, and seizing a whole lot of

ISP's work with law enforcement all the time. i work for one. more than once have i been told to provide a lot of data as evidence in a lawsuit. the reason why legit ISP's don't get equipment seized is they keep records they give to law enforcement.

So where does the ICE store all the switching network equipment they confiscate from the local bells? I mean, that stuff is used in criminal activity all the time. Wire fraud, internet fraud, hacking, etc. I mean, with the amount of criminal activity on the internet, they must be confiscating enough hardware to fill a few airplane hangars. Think of the expense to the telecom industry in keeping the infrastructure up and running with the government constantly pulling pieces out. Wow.

Even if running a Tor exit node is legal or not, it still wouldn't change the fact that it's an excellent way to end up with the the feds kicking your door in and sticking a gun in your face. Sure; after you spend a fortune on lawyers, fix your door, deal with the fallout of a public arrest and having your name in the papers a kiddie porn aficionado, and (maybe) get your computer(s) back; you may well win your court case. But that's a pyrrhic victory at best.

Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes

Unfortunately there is a lot the authorities can do under the name of "investigation" to harass, abuse, intimidate, and even detain you. Seizing computers is bad enough but if they really want to play hardball they can haul you in "for questioning"... on a daily basis... and pick you up at inconvenient times like when you're at the office or in the middle of the night. So really being investigated is the thing you don't want, because it can make your life hell and in the end the cops can just smile and say "No charges. Have a nice day, citizen."

I'm pretty sure that if such a pattern (or even habit) arose and word got out about it, you'd have a line of lawyers 10 miles long waiting at your door to help you sue any PD or agency was stupid enough to try.

Sure, they can pull it off for a short period of time, once, and there'd better be a warrant involved (we're talking computers here, not weed - you can't smell illegal computer activity from the front door). More than once (twice at most), and it becomes a pattern of harassment that can be litigated a

Also, with the very large number in existence these days, if they decide they don't like you because you're supporting the terrorists / pedophiles / commies, I guarantee you, they can convict you of something. Perhaps it's totally unrelated to what they were originally investigating you for, but as long as they had legitimate probable cause for the initial investigation, anything else they find is fair game. So this isn't true:

Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes.

No sir. It makes you less likely to be convicted than someone else who is bein

'Mere' investigation can be made rather unpleasant, depending on the crime in question, the enthusiasm of the cops running after it, and your access to legal representation...

There are the practical difficulties: Having everything vaguely resembling a computer siezed and held for who-knows-how-long, potentially quite signifcant legal costs, etc.

And there are the ones arising from the common, but troublesome, opinion that investigation is a sort of lesser degree of guilt. The taint by mere association is worst with kiddie-porn related matters; but the touchier types seem to consider "Police Record: Checked, found absolutely nothing." to simply be a subspecies of "Police Record" and act accordingly. Fan-tastic.

Else investigations become a de facto payment without trial and that's not what happens in a democracy.

What happens in a democracy is what the people want to happen. Remember that Socrates was executed by a democracy. Democracy is a necessary condition for justice, not a sufficient one. The price of freedom is eternal vigilance, and all that.

Is registering as a business the answer to "confiscate everything in sight that looks like a computer?"

Maybe paying for a business line will frame the cops expectations correctly before they roll up on your residence. Make them more willing to listen to your network setup and only take the publicly accessible _half of your kit.

I imagine a better solution would be to get a virtual or dedicated server at some hosting company, clearly labeled as a TOR exit node (have it host a webpage explaining that fact) and if you can, ONLY use it for that. If you set up a separate corporate entity that owns the server, even better. The law protects you no matter where you run the exit node, but if you want to avoid even being personally investigated at all, you definitely need some significant separation between your home and your exit node.

I don't believe simply registering as a company, you need to be a corporation large enough to be capable of contributing at least a few hundred thousand to re-election funds, or have lobyests to get any kind of legal grace. A small company of 100 or less people, really doesn't bother them if it goes bankrupt while they spend a few months checking the equipment to see if they possibly were used as a tool for a crime.

I am neither a lawyer nor your lawyer; but I suspect that once the boys in blue are knocking on or down your door, you have a problem. It is unlikely that you'll manage to convince them to take your word for how your network is set up and just seize part of the potential evidence. Even if you do strike it lucky and get a techie with a gun and badge, rather than a cop who can pretty much handle dealing with physical evidence, why would he trust you, or do the fiddly forensics on site instead of just hauling it all off and doing the work back at the office?

You might have better luck with the seedy-but-legalish-if-often-a-cover-for-dodgy-activities techniques adopted by besuited scammers and corporations with creative accountants. A shell company, incorporated in one of the states with virtually bulletproof corporate veils and lax reporting requirements(scenic Nevada, for instance) with a vaguely telcomm-related name and no assets aside from a cheap hosted server somewhere, is no more immune to a raid than you are; but might encourage the investigators to finish picking over the raid evidence before deciding whether or not to try to hunt up the corporate officers/owners...

I run an exit node on a VPS. Apparently it'd been used by some guy to try to get a teenaged girl to send him naked pics. They subpoenaed everything back to my business cable connection at home and then called up my company (i.e. me) about it citing a scary amount of information about me.
I explained to the detective what TOR was (I already have the standard exit node info page up as recommended on the web server), and he'd already heard it from someone else (a civil lib organization running TOR exits used by the same guy). They dropped it there. Scared me a little and I contacted the EFF, who did not hesitate to offer support should something worse happen in the future.
EFF is one of the only organizations I donate to, ever, and I donate a decent chunk of change every month. I'm a proud supporter and it's good to know they're there to support me too.

I do not think it means what you think it means
Specifically, a dichotomy is a separation, usually a splitting of one thing into two separate and distinct parts. It usually requires that there be a choice, A or B.

An exit relay is the final relay that Tor traffic passes through before it reaches its destination. Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor users. Because Tor traffic exits through these relays, the IP address of the exit relay is interpreted as the source of the traffic. If a malicious user employs the Tor network to do something that might be objectionable or illegal, the exit relay may take the blame. People who run exit relays should be prepared to deal with complaints, copyright takedown notices, and the possibility that their servers may attract the attention of law enforcement agencies. If you aren't prepared to deal with potential issues like this, you might want to run a middle relay instead. We recommend that an exit relay should be operated on a dedicated machine in a hosting facility that is aware that the server is running an exit node. The Tor Project blog has these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.

I applaud those who do this but sadly they will be taken advantage of for illegal purposes and therefor the operators are at risk.

In other posts people suggest that ISP's should suffer the same fate but don't are reminded of the "Common Carrier" law. If these individuals were to set them selves up as a common carrier I wonder if they would realize the same protections. Given that those with CC protection do in fact cooperate with LE would that then make them obliged to do so?

Immigration and Customs Enforcement. If you are downloading child pornography across US borders, it falls under the jurisdiction of ICE. Of course, harassing Tor exit node operators should not fall under the jurisdiction of any agency, but in Soviet America, harassing service operators who are not registered corporations is what we do.

You are acting like the fact this guy was running a Tor exit node somehow means it was impossible for him to commit the crime. That is a ridiculous line of thought and if things operated that way, every criminal could simply operate a Tor exit node and be out of reach of investigation.

every criminal could simply operate a Tor exit node and be out of reach of investigation.

Or they could just use Tor, and avoid being investigated in the first place. Which is what happened in this case.

The "every criminal will use this excuse" theory is baseless. If an IP address is the only evidence that someone committed a crime, then that person should not be convicted -- and we should be examining what sort of laws led to a situation where IP addresses are the only evidence needed for a search or arrest warrant. I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data? There are dozens of people who have SSH access to my research group's server, and it is possible that any of them could use that server as a proxy -- should the server and all of our computers be confiscated, and all of us arrested, if the IP address shows up during an investigation?

IP addresses are not a form of identification, and even less so when a Tor exit node has that IP address. Anyone could be a criminal, but we should have higher standards for evidence when it comes to issuing warrants and confiscating equipment.

IP addresses don't definitively identify individuals (and I'm not aware of any case where that alone was used to convict someone), but disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.

I don't think he's disallowing their use, he's disallowing their use as the ONLY basis for probable cause. If your investigation leads to a specific IP address which multiple people could possibly have used to commit the crime, an arrest warrant should not be given for EVERYONE. A search warrant should be given for the end point, but only if the operator will not respond to a subpeona for the logs.

IP Addresses alone are used to definitively identify copyright infringement all the time, frequently it is wron

disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.

No, it would set the legal bar exactly where it should be: requiring the police to actually identify a person as a suspect. If the police are unable to do so, then they should not be granted a warrant -- this is not a country where we grant the police general search warrants, and it is better to let some criminals walk free than to harass innocent people.

No, that is a completely unreasonably high bar to attain. An IP address might not identify a person, but given an IP address, a time, and logs from the ISP, it can definitely identify a residence. Which is plenty enough for a warrant.

They wanted any computer equipment that may have had evidence relating to the investigation. The probable cause was that the IP address used was assigned to Mr. King's Internet connection, and Mr. King had entered into a legal agreement taking responsibility for the use of that connection, so it's probable that he knows what happened.

I guess because of OMGPRIVACY and OMGFUCKTHEPOLICE those sorts of facts get the boot.

No, it would have to be far enough along that the police have more to go on than an IP address before they harass and embarrass someone by seizing his equipment and accusing him of downloading child pornography.

They never accused him of anything. He was a part of an investigation. Heck, I was part of an investigation into a 3-car motor vehicle crash. I had been walking down the sidewalk at the time. I certainly didn't do anything criminal, but I was able to provide evidence.

What more evidence than an IP address is possible, given the architecture of the Internet at this point? By your standards, the Internet is place where any crime can go unpunished, because you can't know for certain who was pressing the keys, a

What more evidence than an IP address is possible, given the architecture of the Internet at this point?

Serious? If you don't know the answer to that question then you have absolutely zero business posting on a tech site like this one. Just another pro-jackboot shill willing to sell civil liberties for the illusion of security.

They never accused him of anything. He was a part of an investigation.

No, he was a suspect. If he was merely a source of information for the investigation, they would have asked him for the information, or possibly used a subpoena. Warrants are only used when it is likely that the entity in possession of the evidence would have reason not to hand it over because it would incriminate them. As an example, you don't need a warrant for security camera footage if you are not accusing the owner of the security camera of a crime that the security camera footage could be used as e

Assuming law enforcement has taken down a server with evidence of a crime, they'd have access to logs. Web server access logs usually store only IP addresses. There may be a session identifier, but that's not much use after 30 minutes. If the log were ridiculously detailed, it might have a cookie in it - but that's no good without something to match it to, which would require searching a suspect's computer.

If the investigators are monitoring packet data, they could get the MAC address

If the investigators spent time on the child porn forums or hacking sites or whatever they were investigating, they could infiltrate the community and try to get an actual identity, but that's a ridiculous long shot, and utterly unreliable.

Not such an unreliable longshot, as it turns out. I cannot remember the exact name, but there was a case where IP address logs would not have been terribly useful because an organized and very dangerous child pornography ring -- not just people downloading it, but people who were actually producing it -- was using a combination of the remailers network and Usenet (it would have required a global surveillance program to actually catch them without infiltrating the group). The FBI did wind up infiltrating

We were talking about what constitutes probable cause for a search warrant, not what should constitute sufficient evidence for an arrest warrant or an indictment.

Nobody should be arrested just on the basis of an IP address, or, for that matter, sued. But I think a search may be reasonable. What we need, however, is better definitions of what a 'search' is in the case of a computer. When someone is searching my physical property, they can only search for specific things, and when they find it they have t

I'd say the truly sad part is all this Gestapo crap is a complete waste of time because the cops know that isn't where the target is. I have a friend that works state crime lab and according to him after those big busts around 5 years ago actual predators simply stopped using the Internet for CP. he said the only ones you catch that way now are social retards that touch nobody but themselves and are whacking off to the same shit that has been floating around since the 80s.

So what do the real child molesters use? USPS of all things. They only use the net long enough to set up a trade on a back alley board which according to my friend there is ZERO chance of a cop infiltrating because the entrance fee is video of you molesting a kid with an object of their choosing and they don't give enough time to fake the video.

After that it is all encrypted DVDs and mail dumps. So many DVDs go through media mail nobody is ever gonna notice and if they don't get a response within x amount of time they consider that link dead and move on. According to my friend they are quite worried that terrorist types are taking notes from the CP scum as their system is damned near foolproof. the only reason they even know of it is every once in a while a kid that one of them was abusing will tell and they'll find the discs, not that they can read them of course. And with guys looking at 500+ years for all the abuse and no prosecutor EVER gonna make a deal with a serial child rapist good luck on getting one to flip.

So in the end all you get is what my friend calls the "Social retards" that are completely harmless. One they busted had been so isolated from humans, even going so far as to have all his food delivered, that they had to tranc him like an animal to get him out of the building. According to him the ones they get now are a complete waste of money as you are throwing guys that if you threw them in a room with a kid would go hide in a corner into a cell for 60 years at taxpayer expense while the ones who actually rape children are nowhere near there. but the politicos want the "catch a predator" style headlines so they waste the cash.

So just as in TFA we piss money down a rathole all in the cause of "doing something" even if that something is completely fucking pointless and doesn't actually solve anything. Welcome to Amerika, where your rights can be shot to shit as long as its "for teh childrenz!"

Wow, if that's true, it's crazy, and interesting. Especially the part about submitting a video of yourself committing molestation. Talk about self-incrimination. Must be a really compelling vice/urge to go to such lengths.

They only use the net long enough to set up a trade on a back alley board which according to my friend there is ZERO chance of a cop infiltrating because the entrance fee is video of you molesting a kid with an object of their choosing and they don't give enough time to fake the video.

Is telling someone to molest a kid and send the video to you not illegal? Seems like there are so many laws justified as protecting the kids that you'd think legislators would have made that massively illegal long ago. Or is it that even if cops saw the request and it was illegal, they'd be unable to track the requester down to arrest them?

It takes time. And if you know any detective rank cops,you know that the one thing that kills an investigation is time. If it takes more than a few days, forget about it. There are other crimes to work. The boss will tell you that it's a numbers game.... The DA wants convictions. That's all. Work the easy cases.

Because they have to upload the CP video FIRST before they are given the address. According to my friend it is maddening because trying to catch these guys is like trying to catch ghosts. they use fake IDs for mail dumps, some even pay a flunky to simply pick up the DVD and stick it in another envelope and mail it somewhere completely different, it is really maddening.

As for why they would want more CP if they have a kid to molest? Because the sick fucks collect CP the way some collect baseball cards, and i

You are acting like the fact this guy was running a Tor exit node somehow means it was impossible for him to commit the crime.

No, he is acting like the fact that this guy's IP address appeared in somebody's log is not probable cause for search and seizure. He is acting like running a Tor node is not probable cause for search and seizure. He is acting like common carriage of Tor traffic does not imply responsibility for the content of the packets -- something that was found to be critical to the protection of First Amendment rights when the telephone companies were treading this very ground.

While I decry ICE's decision-making process and think it's reaching beyond its authority, I think it's silly to say that TOR investigation is entirely outside of ICE's domain. Immigration and Customs Enforcement. We still live in a USA where some software and data imports and exports are considered unlawful, whether it's controlled technology (cryptology, espionage, classified data) or the more pedestrian types like child pornography.

Isn't ICE supposed to be dealing with illegal immigrants? Oh, right. I forgot. This is the Barry administration, where the Justice Department doesn't prosecute the Black Panthers for voter intimidation (even though they already won the case) and ICE has been tasked with ensuring that illegals are allowed to remain here, as long as they are registered Democrats.

No, ICE (which was renamed during the reorganization of INS that took place under the Bush II administration, you partisan hack) stands for Immigrations and Customs Enforcement.

Sovereign states have the right to control what passes over their borders. It's part of the definition of statehood. Immigration is about who, Customs is about what.

Back on topic, EFF's "Tor is Legal" sounds an awful lot like the arguments made to justify Freenet back in the day. Ultimately, they all rely on notions like "in any sane legal system", or "in any free country". Problem is, by those sorts of definitions of "free" or "sane", the country hasn't been free since Patriot I, and its legal system has never been sane.

With the end of the Cold War and the demise of the USSR, we lost any motivation for claiming the moral high ground. From printers that identify their owners (like the Romanian archives of individual keystrokes from every manual typewriter), to widespread and omnipresent surveillance (decades before it became a meme, "In Soviet Russia, television watches YOU" was a joke about how much more free we were than the Russians), we ended up becoming what we fought against.

What information regarding their case can ICE hope to get from the seized computer?

For example if the traffic in question really came from someone else through the TOR exit node as claimed. After all, he could well have downloaded the file himself but then claimed "oh, it was coming through TOR, I'm not guilty!" If the file is on his hard drive, he'll have a hard time to explain it.

An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?

The way you know that this has nothing to do with legitimate investigatory techniques is that ICE threatened the guy when they returned his equipment, telling him that he have to deal with more law enforcement harassment in future should he continue operating a Tor exit. This is a straightforward case of harassing the exit node operator because ICE was unable to defeat Tor. Aside from the minority of law enforcement officers who understand that law enforcement agencies benefit from Tor, law enforcement officers in general disdain Tor and think that it is a tool for criminals.

They can run their own exit nodes, and do traffic analysis to determine what type of traffic certain people are receiving, then use that to get warrants (since all it seems to take any more is a vague notion.)

Suppose that law enforcement is investigating a child pornography forum. The forum operator may have an IQ larger than his shoe size, and when law enforcement IP addresses show up, he is going to destroy all the evidence and possibly send a warning out to the forum's members. The police use Tor to avoid that problem -- it is even more effective since the members of those sorts of forums are often Tor users themselves.

An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?

Because very few police organizations would have the forensic skills to even determine that (outside of the FBI, most police agencies are lucky to have a copy of EnCase and maybe one or two guys on staff who know a little about computers). And a prosecutor would have an almost impossible time proving the case because of the nature of it being an ISP. So they don't waste their time.

Real life law enforcement isn't about being fair. Most of the time they're just going after the low-hanging fruit and the shit they can't ignore.

The point here is that an IP address does not identify a person and that the fact that illegal data was received at that IP address is not "probably cause." There is just as much reason to believe that an ISP employee is using a customer's IP address as a cover to download child pornography as there is to believe that a Tor exit operator is using Tor as a cover.

If police want to investigate that traffic and you tell them "sorry, I'm just running TOR" and they just take your word for it and go away...that would be some pretty incompetent police work.

If the police had received more than 3 hours of "computer training," they would know that they can get a list of Tor exit node IP addresses at no

Really, a comment like this on/. of all places? You are talking about search a list of strings for a particular string, and not even a very long list. The bottleneck is in the amount of time it takes the police to enter the query into their computer.

what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?"

Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.

Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?

You are talking about search a list of strings for a particular string

I've parsed the Tor list before myself. I'm fully aware of how little effort it takes, and I'm also aware that it's far beyond the capacity of most police departments. Remember, these folks are funded by taxes, and nobody ever wants tax increases. If it's a choice between getting a programmer to parse the Tor list and getting an extra set of body armor, no sane police department is going to pick the programmer.

Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.

Lying to the police is useless without more evidence of wrongdoing, and destruction of evidence is trivial compared to child pornography. The suspect could just be an ass to police for the fun of it.

They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard.

I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.

That's not so much a threat as a statement of fact. It's not a threat for me to tell you that you're likely to be injured if you start throwing punches at random people on the street.

He was never committing a crime to begin with, so why should his behavior change?

He wasn't convicted of a crime or even accused of one. His behavior should change because he's making life more difficult for himself. If he likes making trouble for investigators and himself, fine. It's his choice. He can go through the hassle again.

ICE has no business showing up at an exit node operator's home.

So if a trail of bloody footprints leads from a murder scene to your front door, the police have no business talking to you about it, because those footprints could have been anybody's, and somebody could have used your porch to change shoes, and it's totally not your problem at all, right? Getting a warrant to check for bloody shoes in your closet is unreasonable, and they should have asked you first! Once you tell them that that guy down the street wears shoes sometimes, they should leave you for a while, and ignore the bonfire in your backyard, because you could be innocent, so they should respect your rights at all costs.

Not at all - just because it's a TOR endpoint and any traffic there is a dead end doesn't invalidate checking all the other forensic options like browser cache etc, running TOR could just be a way of hiding in data volume. It's probably not the case, but if they don't follow a piece of evidence then that's bad.

So why not treat corporate ISPs the same way -- after all, one of the ISP's employees might be using the ISP's equipment to download child pornography, and attempting to disguise that as if it were one of the ISP's customers. Why is ICE not seizing routers and other equipment from ISPs as part of its investigation?

Right, because individual citizens are not supposed to be providing communication services, only registered corporations are supposed to be doing that sort of thing.

But surely you don't expect them to be cleared with absolutely no investigation, do you?

Yes, I do, because IP addresses do not identify people and the only thing that links a Tor exit node to the illegal activity is the IP address. An IP address is an unacceptably low standard of evidence for granting a search warrant. IP addresses are frequently shared, computers may be taken over by malware, your neighbors might guess your WPA passphrase, etc. The police should gather more evidence before they are granted a search warrant; this would avoid the problem of harassing innocent exit node ope

The police never asked for Mr. King's logs, they just busted in and seized his equipment. They simply assumed that because his home address was listed on the account that the IP address was assigned to, he was the person they were looking for. The most optimistic view is that this was bad police work.

As long as you have a capitalist welfare state supporting by a local labour aristocracy, you won't have a local exploited proletariat in which to raise united consciousness. The anarchists a century ago were already arguing this and it's come true. You would be better campaigning for better conditions abroad or for the sort of trade protectionism against abusive states which caused South Africa to be shunned in the '80s.

Communism means one thing and one thing only: the workers own the means of production. Citing a failed state that did just about everything wrong that it's possible to do wrong within a system no more disproves the value of communism that doing the same with a similar capitalist state would for capitalism.

Yeah. And people in positions of power in communist states never expand, consolidate, or take over said 'workers' who own production. In turn claiming that they're working, for the works, to strengthen them. How about the USSR, well I realize that's another failed state. Or Cambodia? China? Look at that, the blood of millions.

So here's a family story. My mothers father was a farmer in the Ukraine. The government decides to take all of the food and livestocks that's been produced in order to give it to the central state. They leave him with 2 cows, and tell him he needs to have an additional 187 cows the following year. Which is what they took from him. Of course being that he didn't have it, they tossed him in a gulag for 25 years.

I'm sure that the reality of those of us who had family suffer under the "justice" of communism, are just peachy with your idea. Right behind the mass starvation that the government caused. A communist state is a very nice wonderful utopian idea, that fails in reality because the communist system has no balances, or checks against the inherent greed of a person for power.

None of the above is true, and there is no singular "European law" that would enable it; each country has to have primary legislation enabling such a thing, and the implementation in each country can be very different.